Vulnerabilities > Todd Miller > Sudo > 1.6.3p3

DATE CVE VULNERABILITY TITLE RISK
2010-06-07 CVE-2010-1646 Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
local
high complexity
todd-miller CWE-264
6.2
2007-08-13 CVE-2007-4305 System Call Wrappers Concurrency vulnerability in Systrace
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
local
high complexity
netbsd openbsd sysjail systrace todd-miller
6.2
2005-10-25 CVE-2005-2959 Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
local
low complexity
todd-miller CWE-264
4.6